Correctly initialize and update git submodules for IDF in autobuild.sh

Fixing autobuild script so ESP32 binaries now built correctly

CMakeLists.txt

@@ -83,7 +83,7 @@ set(SOURCES ${SOURCES}
     ${CMAKE_CURRENT_LIST_DIR}/src/hsm/kek.c
 )
 
-SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/hsm/version.h" 3)
+SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/hsm/version.h" 2)
 
 if(ESP_PLATFORM)
     project(pico_hsm)

build_pico_hsm.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 VERSION_MAJOR="6"
-VERSION_MINOR="4"
+VERSION_MINOR="2"
 SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}"
 #if ! [[ -z "${GITHUB_SHA}" ]]; then
 #    SUFFIX="${SUFFIX}.${GITHUB_SHA}"

src/hsm/kek.c

@@ -37,6 +37,19 @@ uint8_t mkek_mask[MKEK_KEY_SIZE];
 bool has_mkek_mask = false;
 uint8_t pending_save_dkek = 0xff;
 
+#define POLY 0xedb88320
+
+uint32_t crc32c(const uint8_t *buf, size_t len) {
+    uint32_t crc = 0xffffffff;
+    while (len--) {
+        crc ^= *buf++;
+        for (int k = 0; k < 8; k++) {
+            crc = (crc >> 1) ^ (POLY & (0 - (crc & 1)));
+        }
+    }
+    return ~crc;
+}
+
 void mkek_masked(uint8_t *mkek, const uint8_t *mask) {
     if (mask) {
         for (int i = 0; i < MKEK_KEY_SIZE; i++) {

src/hsm/version.h

@@ -18,7 +18,7 @@
 #ifndef __VERSION_H_
 #define __VERSION_H_
 
-#define HSM_VERSION 0x0604
+#define HSM_VERSION 0x0602
 
 #define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
 #define HSM_VERSION_MINOR (HSM_VERSION & 0xff)

tools/pico-hsm-tool.py

@@ -172,12 +172,6 @@ def parse_args():
     parser_bip32_sign.add_argument('--file-in', help='File to sign.')
     parser_bip32_sign.add_argument('--file-out', help='File to write the signature.')
 
-    parser_pubkey = subparser.add_parser('pubkey', help='Retrieves the public key of a private key.')
-    parser_pubkey.add_argument('-k', '--key', help='The private key index', metavar='KEY_ID', required=True)
-    parser_pubkey.add_argument('--format', choices=['PEM', 'DER', 'OpenSSH'], default='PEM', help='The output format of the public key')
-    parser_pubkey.add_argument('--file-out', help='File to write the public key.')
-    parser_pubkey.add_argument('--curve',  choices=['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1'], help='The curve of the public key. [Required for ECDSA keys]')
-
     args = parser.parse_args()
     return args
 
@@ -551,19 +545,6 @@ def parse_derivation_path(path):
             e = e[:-1]
         indices.append(int(e) + off)
     return indices
-def pubkey(picohsm, args):
-    kid = int(args.key)
-    res = picohsm.public_key(kid, args.curve)
-    key_dat = res.public_bytes(
-       encoding=Encoding.PEM if args.format == 'PEM' else Encoding.DER if args.format == 'DER' else Encoding.OpenSSH,
-       format=PublicFormat.SubjectPublicKeyInfo if args.format in ['PEM', 'DER'] else PublicFormat.OpenSSH)
-    if (args.file_out):
-        fout = open(args.file_out, 'wb')
-    else:
-        fout = sys.stdout.buffer
-    fout.write(key_dat if args.format == 'PEM' or args.format == 'OpenSSH' else bytes(key_dat))
-    if (args.file_out):
-        fout.close()
 
 def main(args):
     sys.stderr.buffer.write(b'Pico HSM Tool v2.4\n')
@@ -601,12 +582,10 @@ def main(args):
         memory(picohsm, args)
     elif (args.command == 'bip32'):
         bip32(picohsm, args)
-    elif (args.command == 'pubkey'):
-        pubkey(picohsm, args)
 
 def run():
     args = parse_args()
     main(args)
 
 if __name__ == "__main__":
-    run()
+    run()

workflows/autobuild.sh

@@ -29,6 +29,7 @@ sudo apt install -y git wget flex bison gperf python3 python3-pip python3-venv c
 git clone --recursive https://github.com/espressif/esp-idf.git
 cd esp-idf
 git checkout tags/v5.5
+git submodule update --init --recursive
 ./install.sh esp32s3
 . ./export.sh
 cd ..